Authorization log files

MMDF authorization log files contain descriptions of
authorization attempts and reasons for failure or success.
Log files are produced by defining the appropriate
authorization logging level.

The format of messages in the authorization log file is
similar to other MMDF log files.
Each message includes the date, time, message source, and
message ID, followed by the log-specific information.
The message also includes an
``end of processing'' message that describes
the message sender and size.
Each authorization message can include either one or two reasons
for authorizing a particular message.

NOTE:
Authorization log file messages appear on one line; the
examples in this section split the lines for readability.

Authorization message keys

Keys used in authorization log file messages:

i

input channel

o

output channel

a

destination address

r

reason for authorization

hi

inbound host

ho

outbound host

Single-reason authorization codes

If the authorization message includes a single
reason for authorization,
the ``r'' key specifies a single authorization
code that describes both the inbound and the outbound
authorization when you use host-based authorization.

In this example, the authorized message has two recipients
(bob and mike).
The first authorization message shows that the inbound channel
(``i'') is the local channel and the outbound channel
is peaks.
The ``a'' key indicates that the recipient's address is
bob@rsre.ac.uk.

The reason (``r'') given for authorizing the message
is CH; in other words, the inbound channel (local) has
authorization to send mail to the given outbound host or route
(specified by ``ho''), in this case username@rsre.ac.uk.

Two-reason authorization codes

Two-reason authorization codes describe the reason for
authorization in terms of user-based authorization:

IL

inbound channel, outbound = LIST

OL

outbound channel, dest = LIST

IS

inbound channel by sender

OS

outbound channel by sender

IR

inbound channel by receiver

OR

outbound channel by receiver

I

inbound channel, log unauthorized access

O

outbound channel, log unauthorized access

NOTE:
MMDF only uses these authorization codes when you set
the ``auth=inlog'' or ``auth=outlog'' parameters of
the AUTHLOG keyword
in /usr/mmdf/mmdftailor.

The message in this example uses
two-reason authorization (if no authorization is required
for a channel, MMDF leaves the reason field (``r'') empty):

In this example, the message arrived (with no authorization required)
on the local channel and is authorized to leave on the your_company
channel because the sender (david) is authorized to use
it (OS).